BUG: corrupted list in dst_destroy

list_del corruption, ffff88807a010490->next is NULL
------------[ cut here ]------------
kernel BUG at lib/list_debug.c:53!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: netns cleanup_net
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 92 35 f9 06 cc 48 c7 c7 40 e6 29 8c 48 89 de e8 92 7e 64 fc 90 <0f> 0b 48 c7 c7 a0 e6 29 8c 48 89 de e8 80 7e 64 fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff88807a010490 RCX: 3a9e0b388ac91000
RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f402092
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125003000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0271347e20 CR3: 000000007b4e0000 CR4: 00000000003526f0
Call Trace:
 <IRQ>
 __list_del_entry_valid include/linux/list.h:132 [inline]
 __list_del_entry include/linux/list.h:223 [inline]
 list_del_init include/linux/list.h:295 [inline]
 dst_destroy+0x202/0x5a0 net/core/dst.c:163
 rcu_do_batch kernel/rcu/tree.c:2617 [inline]
 rcu_core+0x7cd/0x1070 kernel/rcu/tree.c:2869
 handle_softirqs+0x22a/0x870 kernel/softirq.c:626
 __do_softirq kernel/softirq.c:660 [inline]
 invoke_softirq kernel/softirq.c:496 [inline]
 __irq_exit_rcu+0x5f/0x150 kernel/softirq.c:727
 irq_exit_rcu+0x9/0x30 kernel/softirq.c:743
 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1056 [inline]
 sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1056
 </IRQ>
 <TASK>
 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:697
RIP: 0010:__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:179 [inline]
RIP: 0010:_raw_spin_unlock_irqrestore+0x47/0x80 kernel/locking/spinlock.c:194
Code: f7 e8 fd 50 e6 f5 f7 c3 00 02 00 00 74 05 e8 70 aa 11 f6 9c 58 a9 00 02 00 00 75 27 f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> f4 13 d8 f5 65 8b 05 7d a3 85 07 85 c0 74 18 5b 41 5e c3 cc cc
RSP: 0018:ffffc90000127568 EFLAGS: 00000206
RAX: 0000000000000006 RBX: 0000000000000286 RCX: 0000000080000001
RDX: 0000000000000007 RSI: ffffffff8e017d97 RDI: 0000000000000001
RBP: ffffc90000127688 R08: ffffffff9033d9b7 R09: 1ffffffff2067b36
R10: dffffc0000000000 R11: fffffbfff2067b37 R12: ffff88807cb00690
R13: ffff88807cb00680 R14: ffff88807cb00630 R15: 1ffff11004c521b8
 spin_unlock_irqrestore include/linux/spinlock.h:407 [inline]
 ref_tracker_dir_exit+0x4e6/0x660 lib/ref_tracker.c:245
 free_netdev+0x459/0x8e0 net/core/dev.c:12197
 netdev_run_todo+0xf8d/0x1130 net/core/dev.c:11725
 default_device_exit_batch+0x986/0xa00 net/core/dev.c:13074
 ops_exit_list net/core/net_namespace.c:205 [inline]
 ops_undo_list+0x52b/0x940 net/core/net_namespace.c:252
 cleanup_net+0x56b/0x800 net/core/net_namespace.c:704
 process_one_work+0x949/0x1650 kernel/workqueue.c:3279
 process_scheduled_works kernel/workqueue.c:3362 [inline]
 worker_thread+0xb46/0x1140 kernel/workqueue.c:3443
 kthread+0x388/0x470 kernel/kthread.c:467
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190 lib/list_debug.c:52
Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 92 35 f9 06 cc 48 c7 c7 40 e6 29 8c 48 89 de e8 92 7e 64 fc 90 <0f> 0b 48 c7 c7 a0 e6 29 8c 48 89 de e8 80 7e 64 fc 90 0f 0b 4c 89
RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
RAX: 0000000000000033 RBX: ffff88807a010490 RCX: 3a9e0b388ac91000
RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000
RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f402092
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125003000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f0271347e20 CR3: 000000007b4e0000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	f7 e8                	imul   %eax
   2:	fd                   	std
   3:	50                   	push   %rax
   4:	e6 f5                	out    %al,$0xf5
   6:	f7 c3 00 02 00 00    	test   $0x200,%ebx
   c:	74 05                	je     0x13
   e:	e8 70 aa 11 f6       	call   0xf611aa83
  13:	9c                   	pushf
  14:	58                   	pop    %rax
  15:	a9 00 02 00 00       	test   $0x200,%eax
  1a:	75 27                	jne    0x43
  1c:	f7 c3 00 02 00 00    	test   $0x200,%ebx
  22:	74 01                	je     0x25
  24:	fb                   	sti
  25:	bf 01 00 00 00       	mov    $0x1,%edi
* 2a:	e8 f4 13 d8 f5       	call   0xf5d81423 <-- trapping instruction
  2f:	65 8b 05 7d a3 85 07 	mov    %gs:0x785a37d(%rip),%eax        # 0x785a3b3
  36:	85 c0                	test   %eax,%eax
  38:	74 18                	je     0x52
  3a:	5b                   	pop    %rbx
  3b:	41 5e                	pop    %r14
  3d:	c3                   	ret
  3e:	cc                   	int3
  3f:	cc                   	int3


Warning: Permanently added '10.128.0.111' (ED25519) to the list of known hosts.
2026/02/25 05:46:44 parsed 1 programs
[   73.509090][ T5819] cgroup: Unknown subsys name 'net'
[   73.623663][ T5819] cgroup: Unknown subsys name 'cpuset'
[   73.633135][ T5819] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   75.079021][ T5819] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   77.809974][ T5834] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   78.430679][ T5851] chnl_net:caif_netlink_parms(): no params data found
[   78.513478][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.521414][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.528762][ T5851] bridge_slave_0: entered allmulticast mode
[   78.537072][ T5851] bridge_slave_0: entered promiscuous mode
[   78.546551][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.553903][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.561306][ T5851] bridge_slave_1: entered allmulticast mode
[   78.568594][ T5851] bridge_slave_1: entered promiscuous mode
[   78.632339][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.644656][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.677378][ T5851] team0: Port device team_slave_0 added
[   78.685992][ T5851] team0: Port device team_slave_1 added
[   78.710550][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.717498][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   78.743458][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.756837][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.763834][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   78.790221][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.842842][ T5851] hsr_slave_0: entered promiscuous mode
[   78.849518][ T5851] hsr_slave_1: entered promiscuous mode
[   79.004198][ T5851] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   79.016554][ T5851] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   79.026423][ T5851] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   79.037255][ T5851] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   79.067028][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.074261][ T5851] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.082267][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.089420][ T5851] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.155204][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.175970][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   79.184850][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   79.199897][ T5851] 8021q: adding VLAN 0 to HW filter on device team0
[   79.214615][   T34] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.221833][   T34] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.236712][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.243903][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.408928][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.463023][ T5851] veth0_vlan: entered promiscuous mode
[   79.477117][ T5851] veth1_vlan: entered promiscuous mode
[   79.509142][ T5851] veth0_macvtap: entered promiscuous mode
[   79.522317][ T5851] veth1_macvtap: entered promiscuous mode
[   79.548452][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.564433][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.582613][   T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.592417][   T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.603800][   T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.613486][   T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.739047][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.812788][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.872039][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   79.942563][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.433446][ T5916] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   81.441927][ T5916] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   81.449463][ T5916] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   81.458889][ T5916] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   81.469111][ T5916] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   81.788635][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.800542][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.841775][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.849630][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
2026/02/25 05:46:55 executed programs: 0
[   82.312058][ T5916] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   82.319910][ T5916] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   82.328471][ T5916] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   82.336971][ T5916] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   82.345829][ T5916] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   82.519074][   T13] bridge_slave_1: left allmulticast mode
[   82.526263][   T13] bridge_slave_1: left promiscuous mode
[   82.533594][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.548805][   T13] bridge_slave_0: left allmulticast mode
[   82.556325][   T13] bridge_slave_0: left promiscuous mode
[   82.562340][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.717269][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   82.728345][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   82.738943][   T13] bond0 (unregistering): Released all slaves
[   82.757301][ T5931] chnl_net:caif_netlink_parms(): no params data found
[   82.833828][   T13] hsr_slave_0: left promiscuous mode
[   82.839749][   T13] hsr_slave_1: left promiscuous mode
[   82.846290][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   82.853749][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[   82.861904][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   82.869392][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[   82.882539][   T13] veth1_macvtap: left promiscuous mode
[   82.888098][   T13] veth0_macvtap: left promiscuous mode
[   82.894054][   T13] veth1_vlan: left promiscuous mode
[   82.899337][   T13] veth0_vlan: left promiscuous mode
[   83.067570][   T13] team0 (unregistering): Port device team_slave_1 removed
[   83.082020][   T13] team0 (unregistering): Port device team_slave_0 removed
[   83.200290][    C0] list_del corruption, ffff88807a010490->next is NULL
[   83.205002][ T5931] bridge0: port 1(bridge_slave_0) entered blocking state
[   83.207990][    C0] ------------[ cut here ]------------
[   83.219658][ T5931] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.219918][    C0] kernel BUG at lib/list_debug.c:53!
[   83.227607][ T5931] bridge_slave_0: entered allmulticast mode
[   83.232418][    C0] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[   83.240210][ T5931] bridge_slave_0: entered promiscuous mode
[   83.244623][    C0] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
[   83.244647][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   83.244659][    C0] Workqueue: netns cleanup_net
[   83.244695][    C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[   83.244725][    C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 92 35 f9 06 cc 48 c7 c7 40 e6 29 8c 48 89 de e8 92 7e 64 fc 90 <0f> 0b 48 c7 c7 a0 e6 29 8c 48 89 de e8 80 7e 64 fc 90 0f 0b 4c 89
[   83.244738][    C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[   83.244755][    C0] RAX: 0000000000000033 RBX: ffff88807a010490 RCX: 3a9e0b388ac91000
[   83.244768][    C0] RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000
[   83.244779][    C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[   83.244793][    C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f402092
[   83.244806][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[   83.244817][    C0] FS:  0000000000000000(0000) GS:ffff888125003000(0000) knlGS:0000000000000000
[   83.244831][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   83.261190][ T5931] bridge0: port 2(bridge_slave_1) entered blocking state
[   83.269927][    C0] CR2: 00007f0271347e20 CR3: 000000007b4e0000 CR4: 00000000003526f0
[   83.290308][ T5931] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.301203][    C0] Call Trace:
[   83.301227][    C0]  <IRQ>
[   83.301235][    C0]  dst_destroy+0x202/0x5a0
[   83.394956][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   83.400766][    C0]  ? rcu_core+0x751/0x1070
[   83.405169][    C0]  ? __pfx_dst_destroy_rcu+0x10/0x10
[   83.410442][    C0]  rcu_core+0x7cd/0x1070
[   83.414766][    C0]  ? __pfx_rcu_core+0x10/0x10
[   83.419429][    C0]  ? sched_clock_cpu+0x74/0x440
[   83.424271][    C0]  handle_softirqs+0x22a/0x870
[   83.429025][    C0]  ? __irq_exit_rcu+0x5f/0x150
[   83.433795][    C0]  __irq_exit_rcu+0x5f/0x150
[   83.438376][    C0]  irq_exit_rcu+0x9/0x30
[   83.442780][    C0]  sysvec_apic_timer_interrupt+0xa6/0xc0
[   83.448407][    C0]  </IRQ>
[   83.451324][    C0]  <TASK>
[   83.454244][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[   83.460226][    C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x47/0x80
[   83.466634][    C0] Code: f7 e8 fd 50 e6 f5 f7 c3 00 02 00 00 74 05 e8 70 aa 11 f6 9c 58 a9 00 02 00 00 75 27 f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 <e8> f4 13 d8 f5 65 8b 05 7d a3 85 07 85 c0 74 18 5b 41 5e c3 cc cc
[   83.486347][    C0] RSP: 0018:ffffc90000127568 EFLAGS: 00000206
[   83.492412][    C0] RAX: 0000000000000006 RBX: 0000000000000286 RCX: 0000000080000001
[   83.500369][    C0] RDX: 0000000000000007 RSI: ffffffff8e017d97 RDI: 0000000000000001
[   83.508328][    C0] RBP: ffffc90000127688 R08: ffffffff9033d9b7 R09: 1ffffffff2067b36
[   83.516286][    C0] R10: dffffc0000000000 R11: fffffbfff2067b37 R12: ffff88807cb00690
[   83.524422][    C0] R13: ffff88807cb00680 R14: ffff88807cb00630 R15: 1ffff11004c521b8
[   83.532473][    C0]  ref_tracker_dir_exit+0x4e6/0x660
[   83.537725][    C0]  ? __pfx_ref_tracker_dir_exit+0x10/0x10
[   83.543442][    C0]  ? lockdep_hardirqs_on+0x7a/0x110
[   83.548624][    C0]  ? kfree+0x1c1/0x630
[   83.552871][    C0]  ? dev_addr_flush+0x18f/0x210
[   83.557723][    C0]  free_netdev+0x459/0x8e0
[   83.562123][    C0]  ? kfree+0x1c1/0x630
[   83.566274][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[   83.572073][    C0]  netdev_run_todo+0xf8d/0x1130
[   83.576911][    C0]  ? __pfx_netdev_run_todo+0x10/0x10
[   83.582265][    C0]  ? unregister_netdevice_queue+0x19b/0x360
[   83.588142][    C0]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[   83.594371][    C0]  ? batadv_meshif_destroy_netlink+0x1b0/0x250
[   83.600525][    C0]  default_device_exit_batch+0x986/0xa00
[   83.606167][    C0]  ? __pfx_default_device_exit_batch+0x10/0x10
[   83.612331][    C0]  ? __pfx_default_device_exit_batch+0x10/0x10
[   83.618507][    C0]  ops_undo_list+0x52b/0x940
[   83.623122][    C0]  ? __pfx_ops_undo_list+0x10/0x10
[   83.628322][    C0]  ? idr_destroy+0x218/0x290
[   83.633006][    C0]  ? do_raw_spin_unlock+0xf5/0x210
[   83.638124][    C0]  cleanup_net+0x56b/0x800
[   83.642541][    C0]  ? __pfx_cleanup_net+0x10/0x10
[   83.647472][    C0]  ? process_one_work+0x87c/0x1650
[   83.652595][    C0]  process_one_work+0x949/0x1650
[   83.657528][    C0]  ? __pfx_process_one_work+0x10/0x10
[   83.662904][    C0]  ? do_raw_spin_lock+0x12b/0x2f0
[   83.667935][    C0]  worker_thread+0xb46/0x1140
[   83.672618][    C0]  kthread+0x388/0x470
[   83.676774][    C0]  ? __pfx_worker_thread+0x10/0x10
[   83.681899][    C0]  ? __pfx_kthread+0x10/0x10
[   83.686471][    C0]  ret_from_fork+0x51e/0xb90
[   83.691059][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[   83.696159][    C0]  ? __switch_to+0xc7d/0x1450
[   83.700824][    C0]  ? __pfx_kthread+0x10/0x10
[   83.705417][    C0]  ret_from_fork_asm+0x1a/0x30
[   83.710181][    C0]  </TASK>
[   83.713185][    C0] Modules linked in:
[   83.717162][    C0] ---[ end trace 0000000000000000 ]---
[   83.722734][    C0] RIP: 0010:__list_del_entry_valid_or_report+0xdf/0x190
[   83.729761][    C0] Code: 49 39 1f 0f 85 9e 00 00 00 b0 01 5b 41 5c 41 5d 41 5e 41 5f e9 92 35 f9 06 cc 48 c7 c7 40 e6 29 8c 48 89 de e8 92 7e 64 fc 90 <0f> 0b 48 c7 c7 a0 e6 29 8c 48 89 de e8 80 7e 64 fc 90 0f 0b 4c 89
[   83.749417][    C0] RSP: 0018:ffffc90000007d58 EFLAGS: 00010046
[   83.755559][    C0] RAX: 0000000000000033 RBX: ffff88807a010490 RCX: 3a9e0b388ac91000
[   83.763516][    C0] RDX: 0000000000000100 RSI: 0000000000000102 RDI: 0000000000000000
[   83.771476][    C0] RBP: 0000000000000203 R08: ffffc90000007ae7 R09: 1ffff92000000f5c
[   83.779453][    C0] R10: dffffc0000000000 R11: fffff52000000f5d R12: 1ffff1100f402092
[   83.787413][    C0] R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
[   83.795457][    C0] FS:  0000000000000000(0000) GS:ffff888125003000(0000) knlGS:0000000000000000
[   83.804372][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   83.810937][    C0] CR2: 00007f0271347e20 CR3: 000000007b4e0000 CR4: 00000000003526f0
[   83.818904][    C0] Kernel panic - not syncing: Fatal exception in interrupt
[   83.826454][    C0] Kernel Offset: disabled
[   83.830787][    C0] Rebooting in 86400 seconds..


syzkaller build log:
go env (err=<nil>)
AR='ar'
CC='gcc'
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_ENABLED='1'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
CXX='g++'
GCCGO='gccgo'
GO111MODULE='auto'
GOAMD64='v1'
GOARCH='amd64'
GOAUTH='netrc'
GOBIN=''
GOCACHE='/syzkaller/.cache/go-build'
GOCACHEPROG=''
GODEBUG=''
GOENV='/syzkaller/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFIPS140='off'
GOFLAGS=''
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build3026588339=/tmp/go-build -gno-record-gcc-switches'
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMOD='/syzkaller/jobs/linux/gopath/src/github.com/google/syzkaller/go.mod'
GOMODCACHE='/syzkaller/jobs/linux/gopath/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/syzkaller/jobs/linux/gopath'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTELEMETRY='local'
GOTELEMETRYDIR='/syzkaller/.config/go/telemetry'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.24.4'
GOWORK=''
PKG_CONFIG='pkg-config'

git status (err=<nil>)
HEAD detached at 1e62d198252
nothing to commit, working tree clean


tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
go list -f '{{.Stale}}' -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=1e62d1982527c3b4e18df04d61f2560fa1f434cc -X github.com/google/syzkaller/prog.gitRevisionDate=20260213-152336"  ./sys/syz-sysgen | grep -q false || go install -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=1e62d1982527c3b4e18df04d61f2560fa1f434cc -X github.com/google/syzkaller/prog.gitRevisionDate=20260213-152336"  ./sys/syz-sysgen
make .descriptions
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
Makefile:31: run command via tools/syz-env for best compatibility, see:
Makefile:32: https://github.com/google/syzkaller/blob/master/docs/contributing.md#using-syz-env
bin/syz-sysgen
touch .descriptions
GOOS=linux GOARCH=amd64 go build -ldflags="-s -w -X github.com/google/syzkaller/prog.GitRevision=1e62d1982527c3b4e18df04d61f2560fa1f434cc -X github.com/google/syzkaller/prog.gitRevisionDate=20260213-152336"  -o ./bin/linux_amd64/syz-execprog github.com/google/syzkaller/tools/syz-execprog
mkdir -p ./bin/linux_amd64
g++ -o ./bin/linux_amd64/syz-executor executor/executor.cc \
	-m64 -O2 -pthread -Wall -Werror -Wparentheses -Wunused-const-variable -Wframe-larger-than=16384 -Wno-stringop-overflow -Wno-array-bounds -Wno-format-overflow -Wno-unused-but-set-variable -Wno-unused-command-line-argument -static-pie -std=c++17 -I. -Iexecutor/_include   -DGOOS_linux=1 -DGOARCH_amd64=1 \
	-DHOSTGOOS_linux=1 -DGIT_REVISION=\"1e62d1982527c3b4e18df04d61f2560fa1f434cc\"
/usr/bin/ld: /tmp/ccL6rzBw.o: in function `Connection::Connect(char const*, char const*)':
executor.cc:(.text._ZN10Connection7ConnectEPKcS1_[_ZN10Connection7ConnectEPKcS1_]+0x386): warning: Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
./tools/check-syzos.sh 2>/dev/null